Friday, January 06, 2006

More On The WMF Vulnerability

The official Microsoft patch for the WMF vulnerability has been released in advance of their usual 'second Tuesday of the month' patch schedule. If you have the earlier 'unofficial' patch installed, here is what SANS recommends you do:

1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
3. Reboot
4. Uninstall the unofficial patch, by using one of these methods:
   a. Add/Remove Programs on single systems. Look for "Windows WMF Metafile Vulnerability HotFix"
   b. or at a command prompt:
      "C:\Program Files\WindowsMetafileFix\unins000.exe" /SILENT
   c. or, if you used msi to install the patch on multiple machines you can uninstall it with this:
      msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn
5. Re-register the .dll if you previously unregistered it (use the same command but without the "-u"):
   regsvr32 %windir%\system32\shimgvw.dll

Or else just leave it in place, as long as it works. Here (.PDF) is some more technical background on this vulnerability, for the curious.
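
Steps 4 and 5 as one batch file for a single machine, as an added example that is not part of the original post or the SANS advice: it checks which form of the unofficial patch is present and removes it with the commands listed above. It assumes the MSI install registered itself under the standard Windows uninstall key, and it adds regsvr32's /s switch so the run stays silent; run it only after step 3.

```bat
@echo off
rem Added example, not from SANS or the original post.
rem Run only after steps 1-3 (reboot, official patch applied, reboot).
setlocal

rem Path and product code are the ones given in steps 4b and 4c.
set "OLD_UNINST=C:\Program Files\WindowsMetafileFix\unins000.exe"
set "MSI_CODE={E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66}"
rem Assumption: the MSI build is listed under the standard uninstall key.
set "MSI_KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%MSI_CODE%"

set FOUND=0

rem Step 4b: the stand-alone installer leaves its own uninstaller behind.
if exist "%OLD_UNINST%" (
    echo Removing unofficial hotfix via unins000.exe
    "%OLD_UNINST%" /SILENT
    set FOUND=1
)

rem Step 4c: the MSI build is removed by product code.
reg query "%MSI_KEY%" >nul 2>&1
if not errorlevel 1 (
    echo Removing unofficial hotfix via msiexec
    msiexec.exe /X%MSI_CODE% /qn
    set FOUND=1
)

if "%FOUND%"=="0" echo Unofficial hotfix not found, nothing to uninstall.

rem Step 5: re-register the image viewer DLL. Registering a DLL that is
rem already registered just rewrites the same entries, so this runs always.
regsvr32 /s "%windir%\system32\shimgvw.dll"
if errorlevel 1 (
    echo regsvr32 failed for shimgvw.dll
    exit /b 1
)
echo Done.
endlocal
```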

